
False positive? software RG Supervision, PDM trojan generic.



Hello, 

 

I have a customer where we have installed Kaspersky Internet Security on more than 5 laptops, and they all have the same detection of a Trojan. It seems that this file is created by PowerShell, and comes from the software RG Supervision. So it's not a virus, but even when I place the folder rgsupv in the exclusion list, it keeps alerting about PowerShell creating a file (test.ps1).

How can I tell the software it's not a virus?

Thanks for your help. 

 


@Gemini2039 Welcome.

Please submit the object here https://opentip.kaspersky.com/ and request a reanalysis.

Also: ⚠ Only if you trust the object ⚠


Hello,

Does this PowerShell script have a remote download file API (.DownloadFile()), a network connect API (.connect()), a sleep call (Start-Sleep -m $sleep;), or a UAC bypass script (Start-Process -WindowStyle hidden -FilePath 'eventvwr.exe';)?

If it does, or you don't know which script triggers the PDM detection, you should follow @Berny's advice, or recommend that your user add an exclusion rule for your PowerShell script.

Regards.


  • 1 month later...
This topic is now closed to further replies.
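
Before requesting a reanalysis or adding an exclusion, a script can be checked against the behaviours listed in the last reply above. The following is an added example, not part of the original thread and not Kaspersky's PDM logic; the indicator names, the `scan` function and the sample script are assumptions made for illustration, and the comment handling is a line-based heuristic.

```python
import re

# Behaviours named in the reply above. PowerShell is case-insensitive, hence re.I.
INDICATORS = {
    "remote download (.DownloadFile)": re.compile(r"\.DownloadFile\s*\(", re.I),
    "network connect (.Connect)": re.compile(r"\.Connect\s*\(", re.I),
    "sleep (Start-Sleep)": re.compile(r"\bStart-Sleep\b", re.I),
    "hidden window (Start-Process)": re.compile(
        r"\bStart-Process\b.*-WindowStyle\s+hidden", re.I),
    "eventvwr.exe launch (Start-Process)": re.compile(
        r"\bStart-Process\b.*eventvwr", re.I),
}
BLOCK_COMMENT = re.compile(r"<#.*?#>", re.S)

def strip_line_comment(line):
    """Cut a trailing '# ...' comment, ignoring '#' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def scan(script):
    """Return (line_number, indicator) pairs for live (uncommented) code."""
    # Blank out block comments but keep their newlines so line numbers stay true.
    script = BLOCK_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), script)
    findings = []
    for number, line in enumerate(script.splitlines(), start=1):
        code = strip_line_comment(line)
        for name, pattern in INDICATORS.items():
            if pattern.search(code):
                findings.append((number, name))
    return findings

# Constructed sample, not the actual RG Supervision test.ps1.
SAMPLE = """\
# inventory helper
<# disabled:
$wc.DownloadFile($url, $out)
#>
start-sleep -m $sleep;
Write-Host "step # 1"; $c.Connect($h, 443)
Start-Process -WindowStyle hidden -FilePath 'eventvwr.exe';
"""

if __name__ == "__main__":
    for number, name in scan(SAMPLE):
        print(f"line {number}: {name}")
```

A match only marks a line for review; it does not mean the script is malicious, and a clean result does not mean the script is safe to exclude.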

